Hi Bill

on 04.11.2010 20:10, wfdudley wrote:
> So the answer to my initial query appears to be that in order to configure a
> LEAF/Bering/Shorewall router firewall, one has to read all the man pages
> for the 30 or so configuration files, plus have a solid understanding of the
> particular version of ip filtering that is on that week's version of Linux.

Nope, let's put it that way, you don't have this simple 2 port thingy
but you want to have some kind of a DMZ, and you want it to be
addressable by the few public addresses your ISP assigned to you. Now at
least in my corner of the world this is not your typical end user set
up. Looks a bit like mine, but that is at least part of my job.

> 
> This is obviously designed as a deterrent against having too many users.  :-)
> I want to set up a firewall, not take a semester course in networking.
> 
> If I had more knowledge of Linux networking/ip filtering/etc. I'd take the web
> UI from pfSense or m0n0wall and graft it on to this mess and make a REAL
> appliance firewall.  Tragically, what with the job and all, that's unlikely.

You actually could, but m0n0wall, which I really like the design of, has a
much bigger footprint than LEAF. Shorewall is a powerful tool for small
firewalls, as I said, for the bigger thingies I set up, I am using
fwbuilder, which is easy to use on LEAF.

I am running a number of WRAP boxes and a few NSA 1125 by Nexcom, all
connected using IPSEC tunnels and performing really well. Sooner or
later I will have to replace them with ALIX boxes.

> 
> I'd be USING pfSense or m0n0wall, but their FreeBSD kernel and drivers are
> flakey with my Alix2c3, so I'm left running an ancient Eigerstein/Dachstein on
> a P60 desktop machine.  I have a network that the cheapo Linksys/Netgear
> consumer routers won't handle, so I guess I'm stuck with my ancient LRP
> until the hardware fails.

Naaaa, you are just grumpy because you hit a small impasse. The Alix box
is a fine little thing, and works real well, maybe if you told us about
your real problem we might be able to help you.

cheers

Erich

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
